Dictionary · SEC IM Guidance Update: Cybersecurity Guidance, No. 2015-02
L2 — definitions grouped by regulatory framework.
Verbs
11 senses
- assist
To give support or aid to someone, typically by doing a share of the work; help.
- control
To exercise authority over; direct; regulate. This includes exercising authority over the processes of issuance and revocation, management, and auditing.
- reduce
To make smaller or less in amount, degree, or size.
- create
To bring something into existence or cause it to come into existence; originate; make; design.
- protect
To shield or defend from danger, harm, injury, loss, destruction, or damage.
- identify
To establish, indicate, or verify who or what someone or something is.
- implement
To put a plan, policy, decision, agreement, etc. into action or effect.
- educate
To give or provide with information or intellectual, social, or moral instruction; inform.
- mitigate
To lessen or to try to lessen the severity, pain, seriousness, extent, or gravity of.
- comply
To act in accordance with a wish, command, law, standard, or contractual obligation.
- conduct
To manage, control, or organize and carry out.
Nouns
43 senses
- Cyber Attack
A cyberspace attack targeting an enterprise's use of cyberspace to disrupt, disable, destroy, or maliciously control a computing environment or infrastructure; or destroy the integrity of the data or steal controlled information.
- access
The ability, right, or permission to approach, enter, speak with someone, or use something.
- location
A particular point or position in space.
- loss
The fact or process of being deprived of or ceasing to have or retain something.
- nature
The basic or inherent qualities, characteristics, or features of something.
- periodic assessment
An assessment that is conducted on a regular interval.
- scope
The extent or boundary to which a process, configuration item, application, contract, etc. applies.
- security control
A safeguard or countermeasure to avoid, counteract or minimize security risks relating to personal property, or any company property. For business-to-business facing organizations whose service may affect the financial statements of the other company, the prospect may require successful audit reports of policy controls.
- security process
A series of actions that ensure the protection of data.
- sensitive data
Information whose loss, misuse, unauthorized access to, modification, or destruction, could adversely affect the national interest or the conduct of federal programs, or privacy to which individuals are entitled, but which has not been specifically authorized to be kept secret in the interest of national defense or foreign policy, etc.
- Sensitivity
A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.
- system
An interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.
- tailor
Make or adapt for a particular purpose or person.
- business
A usually commercial or mercantile activity engaged in as a means of livelihood.
- Client
A person or organization using the services of a company or professional person, such as a lawyer, psychologist, financial advisor, etc.
- compliance policy
An official expression of principles that direct an organization's approach to compliance.
- compliance procedure
A detailed description of the steps necessary to implement or perform something in conformance with applicable standards.
- compliance program
Compliance programs aim to prevent, and where necessary, identify and respond to, breaches of laws, regulations, codes or organizational standards occurring in the organization; and promote a culture of compliance within the organization.
- compliance requirement
The various legal, contractual, and service level requirements that an organization must follow.
- compliance risk
The risk to current and prospective earnings that arises from violating or not acting in accordance with laws, rules, regulations, prescribed practices, or ethical standards.
- Compromise
To bring into danger, suspicion, or disrepute.
- cyber threat
A potential cyber attack, which may be assigned a probability of occurrence that can be used for cyber risk assessment.
- cyber incident response procedure
A documented series of steps that are taken to detect, triage, and resolve events regarding cybersecurity that disrupt operations and alert applicable personnel and clients in conformance with pertinent standards.
- cybersecurity policy
A set of criteria for the provision of security services.
- cybersecurity vulnerability
A flaw in an organization's system which leaves it exposed to and defenseless against a cyberthreat.
- cyber threat response strategy
A plan of action designed to achieve a long-term or overall aim regarding how to resolve cyber incidents.
- cybersecurity risk management
The process of identifying risks and vulnerabilities and applying administrative actions and comprehensive solutions to ensure that the organization is adequately protected.
- cybersecurity training
Activities that are used to teach people about tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.
- data
A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)
- data backup
The physical copying of data files to a removable storage device that allows the data to be stored in another location.
- data encryption
The reversible transformation of data from the original, plain text, version to a difficult-to-interpret format for security purposes.
- development
The process of growing, advancing, or elaborating.
- effectiveness
The capacity to accomplish a purpose or function as intended.
- exfiltration
The unauthorized file transfer or other bulk data transfer that creates a security breach by allowing malicious people outside a security perimeter access to confidential information.
- exposure
The potential loss or compromise to an area caused by an adverse event.
- federal securities law
Consists of a handful of laws passed between 1933 and 1940, as well as legislation enacted in 1970. The federal laws stem from Congress's power to regulate interstate commerce. Therefore the laws are generally limited to transactions involving transportation or communication using interstate commerce or the mail.
- governance structure
Specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs.
- Impact
In Information Security: the magnitude of harm that can be expected to result from unauthorized disclosure, modification, or destruction of information, loss of information or loss of information system availability.
- include
Make part of a whole or set.
- Incident response plan
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber attacks against an organization's IT system(s).
- information
Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
- Information Technology system
Information technology systems are collectively the equipment used to create, store and transmit digital data and any related software owned (or otherwise controlled) and used by the State and its agencies to fulfill its service and obligations to the citizens of Arizona.
- investor
A person who commits capital in order to gain financial returns.